* [PATCH] usb: core: add bos NULL pointer checking condition [not found] <CGME20231004062700epcas1p16fe36bf6b6a6e5d9d4adeaef32937480@epcas1p1.samsung.com> @ 2023-10-04 6:26 ` Woo-kwang Lee 2023-10-04 6:36 ` Greg KH 0 siblings, 1 reply; 5+ messages in thread From: Woo-kwang Lee @ 2023-10-04 6:26 UTC (permalink / raw) To: gregkh; +Cc: linux-usb, linux-kernel, stable, wookwang.lee, sj1557.seo This issue occurs when connecting Galaxy S22 and abnormal SEC Dex Adapter. When the abnormal adapter is connected, kernel panic always occurs after a few seconds. This occurs due to unable to get BOS descriptor, usb_release_bos_descriptor set dev->bos = NULL. - usb_reset_and_verify_device - hub_port_init - usb_release_bos_descriptor - dev->bos = NULL; hub_port_connect_change() calls portspeed(), and portspeed() calls hub_is_s uperspeedplus(). Finally, hub_is_superspeedplus() calls hdev->bos->ssp_cap. It needs to check hdev->bos is NULL to prevent a kernel panic. usb 3-1: new SuperSpeed Gen 1 USB device number 16 using xhci-hcd-exynos usb 3-1: unable to get BOS descriptor set usb 3-1: Product: USB3.0 Hub Unable to handle kernel NULL pointer dereference at virtual address 0000018 Call trace: hub_port_connect_change+0x8c/0x538 port_event+0x244/0x764 hub_event+0x158/0x474 process_one_work+0x204/0x550 worker_thread+0x28c/0x580 kthread+0x13c/0x178 ret_from_fork+0x10/0x30 - hub_port_connect_change - portspeed - hub_is_superspeedplus Fixes: 0cdd49a1d1a4 ("usb: Support USB 3.1 extended port status request") Signed-off-by: Woo-kwang Lee <wookwang.lee@samsung.com> --- drivers/usb/core/hub.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/core/hub.h b/drivers/usb/core/hub.h index 73f4482d833a..cc0c994e19e5 100644 --- a/drivers/usb/core/hub.h +++ b/drivers/usb/core/hub.h @@ -139,6 +139,8 @@ static inline int hub_is_superspeed(struct usb_device *hdev) static inline int hub_is_superspeedplus(struct usb_device *hdev) { + if (!hdev->bos) + return 0; return (hdev->descriptor.bDeviceProtocol == USB_HUB_PR_SS && le16_to_cpu(hdev->descriptor.bcdUSB) >= 0x0310 && hdev->bos->ssp_cap); -- 2.17.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] usb: core: add bos NULL pointer checking condition 2023-10-04 6:26 ` [PATCH] usb: core: add bos NULL pointer checking condition Woo-kwang Lee @ 2023-10-04 6:36 ` Greg KH 2023-10-04 7:06 ` Woo-kwang Lee 0 siblings, 1 reply; 5+ messages in thread From: Greg KH @ 2023-10-04 6:36 UTC (permalink / raw) To: Woo-kwang Lee; +Cc: linux-usb, linux-kernel, stable, sj1557.seo On Wed, Oct 04, 2023 at 03:26:42PM +0900, Woo-kwang Lee wrote: > This issue occurs when connecting Galaxy S22 and abnormal SEC Dex Adapter. > When the abnormal adapter is connected, kernel panic always occurs after a > few seconds. > This occurs due to unable to get BOS descriptor, usb_release_bos_descriptor > set dev->bos = NULL. > > - usb_reset_and_verify_device > - hub_port_init > - usb_release_bos_descriptor > - dev->bos = NULL; > > hub_port_connect_change() calls portspeed(), and portspeed() calls hub_is_s > uperspeedplus(). > Finally, hub_is_superspeedplus() calls hdev->bos->ssp_cap. > It needs to check hdev->bos is NULL to prevent a kernel panic. > > usb 3-1: new SuperSpeed Gen 1 USB device number 16 using xhci-hcd-exynos > usb 3-1: unable to get BOS descriptor set > usb 3-1: Product: USB3.0 Hub > Unable to handle kernel NULL pointer dereference at virtual address 0000018 > > Call trace: > hub_port_connect_change+0x8c/0x538 > port_event+0x244/0x764 > hub_event+0x158/0x474 > process_one_work+0x204/0x550 > worker_thread+0x28c/0x580 > kthread+0x13c/0x178 > ret_from_fork+0x10/0x30 > > - hub_port_connect_change > - portspeed > - hub_is_superspeedplus > > Fixes: 0cdd49a1d1a4 ("usb: Support USB 3.1 extended port status request") > Signed-off-by: Woo-kwang Lee <wookwang.lee@samsung.com> > --- > drivers/usb/core/hub.h | 2 ++ > 1 file changed, 2 insertions(+) Are you sure this isn't already fixed by commit f74a7afc224a ("usb: hub: Guard against accesses to uninitialized BOS descriptors") in linux-next? thanks, greg k-h ^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [PATCH] usb: core: add bos NULL pointer checking condition 2023-10-04 6:36 ` Greg KH @ 2023-10-04 7:06 ` Woo-kwang Lee 2023-10-04 7:21 ` 'Greg KH' 0 siblings, 1 reply; 5+ messages in thread From: Woo-kwang Lee @ 2023-10-04 7:06 UTC (permalink / raw) To: 'Greg KH'; +Cc: linux-usb, linux-kernel, stable, sj1557.seo Hello. I think I missed the patch. Thank you for your quick feedback. Woo-kwang Lee > On Wed, Oct 04, 2023 at 03:26:42PM +0900, Woo-kwang Lee wrote: > > This issue occurs when connecting Galaxy S22 and abnormal SEC Dex > Adapter. > > When the abnormal adapter is connected, kernel panic always occurs > > after a few seconds. > > This occurs due to unable to get BOS descriptor, > > usb_release_bos_descriptor set dev->bos = NULL. > > > > - usb_reset_and_verify_device > > - hub_port_init > > - usb_release_bos_descriptor > > - dev->bos = NULL; > > > > hub_port_connect_change() calls portspeed(), and portspeed() calls > > hub_is_s uperspeedplus(). > > Finally, hub_is_superspeedplus() calls hdev->bos->ssp_cap. > > It needs to check hdev->bos is NULL to prevent a kernel panic. > > > > usb 3-1: new SuperSpeed Gen 1 USB device number 16 using > > xhci-hcd-exynos usb 3-1: unable to get BOS descriptor set usb 3-1: > > Product: USB3.0 Hub Unable to handle kernel NULL pointer dereference > > at virtual address 0000018 > > > > Call trace: > > hub_port_connect_change+0x8c/0x538 > > port_event+0x244/0x764 > > hub_event+0x158/0x474 > > process_one_work+0x204/0x550 > > worker_thread+0x28c/0x580 > > kthread+0x13c/0x178 > > ret_from_fork+0x10/0x30 > > > > - hub_port_connect_change > > - portspeed > > - hub_is_superspeedplus > > > > Fixes: 0cdd49a1d1a4 ("usb: Support USB 3.1 extended port status > > request") > > Signed-off-by: Woo-kwang Lee <wookwang.lee@samsung.com> > > --- > > drivers/usb/core/hub.h | 2 ++ > > 1 file changed, 2 insertions(+) > > Are you sure this isn't already fixed by commit f74a7afc224a ("usb: hub: > Guard against accesses to uninitialized BOS descriptors") in linux-next? > > thanks, > > greg k-h ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] usb: core: add bos NULL pointer checking condition 2023-10-04 7:06 ` Woo-kwang Lee @ 2023-10-04 7:21 ` 'Greg KH' 2023-10-04 7:34 ` Woo-kwang Lee 0 siblings, 1 reply; 5+ messages in thread From: 'Greg KH' @ 2023-10-04 7:21 UTC (permalink / raw) To: Woo-kwang Lee; +Cc: linux-usb, linux-kernel, stable, sj1557.seo On Wed, Oct 04, 2023 at 04:06:17PM +0900, Woo-kwang Lee wrote: > Hello. I think I missed the patch. I do not understand, does that mean that you have tested the patch (and which one, please do not top post), and that this is not needed? confused, greg k-h ^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [PATCH] usb: core: add bos NULL pointer checking condition 2023-10-04 7:21 ` 'Greg KH' @ 2023-10-04 7:34 ` Woo-kwang Lee 0 siblings, 0 replies; 5+ messages in thread From: Woo-kwang Lee @ 2023-10-04 7:34 UTC (permalink / raw) To: 'Greg KH'; +Cc: linux-usb, linux-kernel, stable, sj1557.seo Hello. Grek. It means that this is not needed. Commit id f74a7afc224a already has hub_is_superspeedplus modification. I'm sorry for the confusion. Thank you. Woo-kwang Lee > -----Original Message----- > From: 'Greg KH' <gregkh@linuxfoundation.org> > Sent: Wednesday, October 4, 2023 4:22 PM > To: Woo-kwang Lee <wookwang.lee@samsung.com> > Cc: linux-usb@vger.kernel.org; linux-kernel@vger.kernel.org; > stable@vger.kernel.org; sj1557.seo@samsung.com > Subject: Re: [PATCH] usb: core: add bos NULL pointer checking condition > > On Wed, Oct 04, 2023 at 04:06:17PM +0900, Woo-kwang Lee wrote: > > Hello. I think I missed the patch. > > I do not understand, does that mean that you have tested the patch (and > which one, please do not top post), and that this is not needed? > > confused, > greg k-h ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-10-04 7:34 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <CGME20231004062700epcas1p16fe36bf6b6a6e5d9d4adeaef32937480@epcas1p1.samsung.com>
2023-10-04 6:26 ` [PATCH] usb: core: add bos NULL pointer checking condition Woo-kwang Lee
2023-10-04 6:36 ` Greg KH
2023-10-04 7:06 ` Woo-kwang Lee
2023-10-04 7:21 ` 'Greg KH'
2023-10-04 7:34 ` Woo-kwang Lee
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).